﻿<?xml version="1.0" encoding="utf-8"?>
<topic id="7a0d4156-3e9e-447e-a00f-cbb68b5fe264" revisionNumber="5">
  <developerHowToDocument xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5" xmlns:xlink="http://www.w3.org/1999/xlink">
    <title>How to: Customize the ASP.NET Login Service Authentication Cookie</title>
  <introduction>
    <para>This topic shows an example of how to customize the authentication cookie (ticket) for the ASP.NET Login service. To customize the cookie, you store user-specific data in the cookie during the authenticating process. Customizing the authentication cookie is useful when you need to retain user information and do not wish to use the ASP.NET profile feature.</para>
    <para>The Login service raises the <codeEntityReference autoUpgrade="true">E:System.Web.Security.LoginService.CreatingCookie</codeEntityReference> event after the user credentials have been validated and when setting the authentication cookie. You can customize the cookie by creating an event handler for <codeEntityReference autoUpgrade="true">E:System.Web.Security.LoginService.CreatingCookie</codeEntityReference> and managing the authentication cookie yourself. You can access user name, password and custom credentials through the <codeEntityReference autoUpgrade="true">T:System.Web.Security.CreatingCookieEventsArgs</codeEntityReference> object that is passed to the event handler.</para>
  </introduction>
  <procedure>
    <title>To customize the authentication cookie</title>
    <steps class="ordered">
      <step>
        <content>
          <para>In the application's Global.asax file, create an event handler for the <codeEntityReference autoUpgrade="true">E:System.Web.Security.LoginService.CreatingCookie</codeEntityReference> event and add code to the handler that customizes the cookie. Add your custom information to the cookie's <codeEntityReference autoUpgrade="true">P:System.Web.Security.CreatingCookieEventArgs.CustomCredential</codeEntityReference> property.</para>
          <para>The following example shows an event handler that customizes the authentication cookie by adding the value in the <codeEntityReference autoUpgrade="true">P:System.Web.Security.CreatingCookieEventArgs.CustomCredential</codeEntityReference> property to the <codeEntityReference autoUpgrade="true">P:System.Web.Security.FormsAuthenticationTicket.UserData</codeEntityReference> property.</para>
          <code language="c#">void LoginService_CreatingCookie(object sender,
    CreatingCookieEventArgs e)
{
    int authenticationCookieVersion = 1;
    FormsAuthenticationTicket ticket = new
        FormsAuthenticationTicket 
        (authenticationCookieVersion, 
        e.Username, 
        DateTime.Now, 
        DateTime.Now.AddMinutes(30), 
        e.IsPersistent, 
        e.CustomCredential, 
        FormsAuthentication.FormsCookiePath);

    string encryptedTicket =
        FormsAuthentication.Encrypt(ticket);

    HttpCookie cookie = new HttpCookie 
               (FormsAuthentication.FormsCookieName,
                encryptedTicket);
    cookie.Expires = DateTime.Now.AddMinutes(30d);

    HttpContext.Current.Response.Cookies.Add(cookie);
    e.CookieIsSet = true;
}

Sub LoginService_CreatingCookie(ByVal sender As Object, _
    ByVal e As CreatingCookieEventArgs)
    Dim authenticationCookieVersion As Integer = 1
    Dim ticket As FormsAuthenticationTicket = New _
        FormsAuthenticationTicket _
        (authenticationCookieVersion, _
        e.Username, _
        DateTime.Now, _
        DateTime.Now.AddMinutes(30), _
        e.IsPersistent, _
        e.CustomCredential, _
        FormsAuthentication.FormsCookiePath)

    Dim encryptedTicket As String = _
        FormsAuthentication.Encrypt(ticket)
        
    Dim cookie As HttpCookie = New HttpCookie _
        (FormsAuthentication.FormsCookieName, _
        encryptedTicket)
    cookie.Expires = DateTime.Now.AddMinutes(30)

    HttpContext.Current.Response.Cookies.Add(cookie)
    e.CookieIsSet = True
End Sub</code>
        </content>
      </step>
      <step>
        <content>
          <para>Subscribe the event handler to the <codeEntityReference autoUpgrade="true">E:System.Web.Security.LoginService.CreatingCookie</codeEntityReference> event in the <languageKeyword>Application_Start</languageKeyword> method of the Global.asax file, as shown in the following example code.</para>
          <code language="c#">void Application_Start(object sender, EventArgs e) 
{
    LoginService.CreatingCookie += new
        CreatingCookieEventHandler(LoginService_CreatingCookie);
}

Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)
    AddHandler LoginService.CreatingCookie, _
    AddressOf Me.LoginService_CreatingCookie
End Sub</code>
        </content>
      </step>
      <step>
        <content>
          <para>Call the Login method from the Web application.</para>
          <code>
          </code>
        </content>
      </step>
    </steps>
  </procedure>
  <buildInstructions>
    <content>
      <list class="bullet">
        <listItem>
          <para>
          </para>
        </listItem>
      </list>
    </content>
  </buildInstructions>
  <security>
    <content>
      <para>Always access the Login service over the secure sockets layer (SSL, using HTTPS protocol) when passing sensitive user data.</para>
    </content>
  </security>
  <relatedTopics>
    <link xlink:href="6e121a28-89e8-4974-88a8-70aaa6a7d52b">Login Service Overview</link>
    <codeEntityReference autoUpgrade="true">T:System.Web.Security.LoginService</codeEntityReference>
    <codeEntityReference autoUpgrade="true">T:System.Web.Security.CreatingCookieEventArgs</codeEntityReference>
    <codeEntityReference autoUpgrade="true">T:System.Web.Security.CreatingCookieEventHandler</codeEntityReference>
  </relatedTopics>
</developerHowToDocument>
</topic>